ENABLING SERVICE ORCHESTRATION, TRANSACTIONALITY AND SECURITY IN UPNP Aitor Almeida Escondrillas University of Deusto Avda. de las Universidades, 24 48007 Bilbao (SPAIN) aalmeida@tecnologico.deusto.es David Sainz Gonzalez University of Deusto Avda. de las Universidades, 24 48007 Bilbao (SPAIN) dsainz@tecnologico.deusto.es ABSTRACT UPnP defines a specification to discover and manage services in local area networks. The specification does not address topics like service orchestration, transactionality and security, lacking of the necessary capabilities for a Service Oriented Architecture. We suggest some modifications on UPnP to enable a rich service environment in which services collaborate to achieve common goals, controlling which operations in each service can be accessed by others. KEYWORDS UPnP, orchestration, security, transactionality 1. INTRODUCTION The UPnP [1] specification defines a simple interconnection method between different stand-alone devices and PCs based on TCP/IP and XML description files of the devices and their services. The specification enables the automatic discovery of the devices and the services and the remote invocation of their actions. However it doesn’t support some desirable characteristics in a rich service oriented architecture. The lack of a way to declaratively express collaborative orchestration among different services and transactional rules as well as the absence of authentication and authorization limits severely the specification. The absence of security mechanisms allows any user in the network to discover the devices and invoke their methods leading this to serious security holes in some scenarios. For example some UPnP enabled routers implement methods to remap their configuration and to observe any passing traffic. On the other hand the progress made in the Semantic Web with languages like OWL-S [2] can be applied to the UPnP specification, introducing semantic description of the collaboration between services in their XML description file. The aim of this paper is to propose some modifications in the specification to provide developers with suitable tools to implement improved UPnP devices. 2. STATE OF THE ART AND RELATED WORK With all the work being done in the area of SOA architectures service orchestration is an interesting research field. The research that is being done in this field of study is principally aimed to Web Services [3]. This research addresses service composition [4] and workflow control [5] mainly, using languages like BPEL [6],